Wednesday, July 17, 2013

Reset Local Windows Password with chntpw



I usually prefer to reset local Windows admin passwords with Offline NT Password & Registry Editor. But what if all you have handy is a live Knoppix? Here's how to do it with Knoppix using chntpw, the same tool that boot disc is built around. It's far simpler than I had thought, so give it a try.

  1. Boot into Knoppix and pull up a root terminal
  2. apt-get install chntpw (requires a network connection)
  3. Mount the Windows system drive read-write before continuing to step 4 (Knoppix uses ntfs-3g for NTFS, and it will refuse to mount a volume that was hibernated instead of shut down)
  4. cd [mount_location]/WINDOWS/system32/config (this is the XP path; on Vista and later it is Windows/System32/config, and the case matters on a Linux mount)
  5. chntpw -l SAM (lists the local accounts in the hive; confirm the exact username before editing)
  6. chntpw -u Administrator SAM 
  7. Enter 1 to blank the password
  8. Enter y to write changes 
  9. chntpw -u Administrator SAM 
  10. Enter 4 to unlock and enable the account (these menu numbers are what the chntpw packaged with Knoppix 7.0.5 shows; newer releases renumber the entries, so read the menu rather than typing the numbers blindly)
  11. Enter y to write changes 
  12. chntpw -l SAM (the account should no longer show as disabled or locked)
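The same procedure as a script, added here as an example rather than taken from the post: it locates the SAM hive regardless of path case, checks that the volume is actually writable, backs the hive up before chntpw touches it, and verifies afterwards that the account is no longer flagged as disabled or locked. It assumes chntpw is installed and the Windows volume is already mounted read-write at the directory passed as the first argument; the function names, the backup suffix and the two sample chntpw -l listings used in the test are this script's own constructions, not chntpw output captured from a real machine.

```shell
#!/bin/sh
# Added example, not code from the original post. Wraps the manual chntpw
# steps in a script with the checks a practitioner wants first.
# Assumptions: chntpw is installed; the Windows volume is mounted read-write
# (ntfs-3g) at the directory given as $1. Function names are ours.

# Locate the SAM hive under a mount point regardless of case: XP uses
# WINDOWS/system32/config, Vista and later Windows/System32/config, and
# ntfs-3g mounts are case-sensitive on the Linux side. Prints the path,
# returns 1 if no hive is found.
find_sam_hive() {
    find "$1" -maxdepth 4 -type f -ipath '*/windows/system32/config/sam' \
        -print -quit 2>/dev/null | grep .
}

# Report whether a chntpw -l listing marks a user as disabled/locked.
# Tolerates both line styles seen from chntpw: the older
#   RID: 01f4, Username: <Administrator>, *disabled or locked*
# form and the newer table rows ending in "| dis/lock |".
# Returns 0 if locked/disabled, 1 if enabled, 2 if the user is not listed.
user_lock_state() {
    listing=$1
    user=$2
    line=$(printf '%s\n' "$listing" | grep -i "[<| ]$user[> |]" | head -n 1)
    [ -n "$line" ] || return 2
    case "$line" in
        *dis/lock*|*"disabled or locked"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Copy the hive before editing so a failed or corrupted write can be undone
# by copying the backup back into place from the same live system.
backup_hive() {
    cp -p "$1" "$1.chntpw-bak.$(date +%Y%m%d%H%M%S)"
}

reset_local_user() {
    mount_point=$1
    user=${2:-Administrator}
    sam=$(find_sam_hive "$mount_point") || {
        echo "SAM hive not found under $mount_point" >&2; return 1; }
    # A read-only mount (for example ntfs-3g refusing a hibernated volume)
    # means chntpw cannot write the hive back, so stop here.
    [ -w "$(dirname "$sam")" ] || {
        echo "$(dirname "$sam") is not writable; remount read-write" >&2; return 1; }
    backup_hive "$sam"
    chntpw -l "$sam"
    # chntpw -u is interactive: first pass, pick the "clear password" entry
    # and answer y to write; second pass, pick "unlock/enable" and write
    # again. The menu numbers differ between chntpw releases, so read them.
    chntpw -u "$user" "$sam"
    chntpw -u "$user" "$sam"
    listing=$(chntpw -l "$sam")
    if user_lock_state "$listing" "$user"; then
        echo "warning: $user still shows as disabled/locked; rerun the unlock step" >&2
        return 1
    fi
    echo "$user: password blanked and account enabled in $sam"
}

# Usage: ./reset-local-user.sh /media/sda1 [username]
if [ "$#" -ge 1 ]; then
    reset_local_user "$1" "${2:-Administrator}"
fi
```

Run it from the Knoppix root terminal after mounting the drive, then unplug the network cable and reboot into Windows to set a real password, exactly as the post advises. If the final check complains that the account is still disabled or locked, rerun chntpw -u by hand and choose the unlock entry; the listing check exists because the blanking pass alone does not enable a disabled account.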

Keep in mind that, as the program warns, it's a bit "hacky". You may have to try it multiple times for it to work. Also, I found interactive mode to be too buggy to even use. I would just use the commands above. You should also know that it is always best to clear the password instead of changing it; setting a new password offline has a much lower success rate. Two more limits worth knowing: this edits the local SAM only, so it cannot reset a domain account, and on XP and later any EFS-encrypted files belonging to the account become unreadable once its password is reset offline, blanked or otherwise, because the EFS key is derived from the old password. If you do clear it, you may want to unplug the network cable until you are able to log into Windows and change it. It may sound paranoid, but you don't want to get hacked because you had a blank password for 60 seconds, especially on a web server that is reachable from the internet. The flip side is worth remembering too: anyone with a boot disc and physical access to the box can do exactly this, which is why physical security and full-disk encryption matter.

I hope this helps you if you are in a jam sometime and have no choice but to do it the old fashioned way with chntpw!

P.S. I only had a chance to test this on XP using Knoppix 7.0.5, so please leave a comment on your experience with other versions!